SANS BoF -- VPN Security Risks

Tina Bird tbird at PRECISION-GUESSWORK.COM
Mon Dec 20 20:32:55 EST 1999


Hi all --

After my SANS class last week, I led a Birds of a
Feather session on the various security risks introduced
into corporate networks by having remote access VPNs
based out of people's houses -- and bounced around a
few ideas about how to address them.

Most of the "solutions" addressed home connectivity
equipment -- cable modems, DSL, etc -- with firewall
capabilities, firewall-like software (controllable by
the corporate security administrators) that runs on
VPN client devices, and tightly configured access
control lists on corporate firewalls and VPN devices.

We didn't come to a whole lot of conclusions, tho'
most people agreed on the notion that PCs >owned< by
the corporation were usually easier to secure and
manage.

This whole issue is clearly one of the most important
things we're struggling with at the moment -- most
vendors aren't addressing the risks of "piggy back
attacks."  So my question is, how are people dealing
with it in the "wild"?

I'd like to add this to the FAQ.

TIA -- Tina

VPN is sponsored by SecurityFocus.COM



